Previously, when the graphdir was a root of a mountpoint, we would not
be able to cleanup the graphdir, as the script would umount in case
target dir is a mount itself
```/etc/mtab
/dev/xvdc1 /var/lib/docker btrfs
```
When running the script, the graphdir would be unmounted and it would
remove a (possibly) empty folder.
```
Nuking /var/lib/docker ...
(if this is wrong, press Ctrl+C NOW!)
+ sleep 10
+ umount -f /var/lib/docker
+ rm -rf /var/lib/docker
```
This PR includes the necessary changes to nuke the folder on this
scenario, including when the graphdir is a btrfs mount iself.
Signed-off-by: Bruno Tavares <btavare@thoughtworks.com>
Upstream-commit: 5f98b977496b5c8430162b129cb94c88efb0f3b6
Component: engine
--group-add was used for specifying groups for both service create
and service update. For create it was confusing since we don't have
an existing set of groups. Instead I added --group to create, and
moved --group-add to service update only, like --group-rm
This deals with issue 27646
Signed-off-by: Lily Guo <lily.guo@docker.com>
Update flag documentation
Specify that --group, --group-add and --groupd-rm refers to
supplementary user groups
Signed-off-by: Lily Guo <lily.guo@docker.com>
Fix docs for groups and update completion scripts
Signed-off-by: Lily Guo <lily.guo@docker.com>
Upstream-commit: 2f58494ae6e796325329f849cf547bcf94bb68e3
Component: engine
A HealthConfig entry was added to the ContainerSpec associated with the
service being created or updated.
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
Upstream-commit: 7bd2611789e6898576f7229255c238f7c1129293
Component: engine
Many distributions now use ext4 to provide ext2 and ext3 support,
so do not warn about possibly missing ext3 support if the config
option is used.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: b28619046a92977f33be6b3ddba5e60c589b3c0f
Component: engine
The --name flag was inadvertently added to
docker service update, but is not supported,
as it has various side-effects (e.g., existing
tasks are not renamed).
This removes the flag from the service update
command.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 047e44eeb186a8bde41765a44c5966a150fa84f3
Component: engine
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.
Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.
Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.
There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.
Signed-off-by: Erik St. Martin <alakriti@gmail.com>
Upstream-commit: 56f77d5ade945b3b8816a6c8acb328b7c6dce9a7
Component: engine
We don't support this and no maintainers uses Kate.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: a2f695d7fae47481eba68b92b33257605e4cbada
Component: engine
In #23614 `docker inspect` was semantically enhanced to inspect "everything".
Therefore moving its logic to `_docker_container_inspect` was not correct.
This commit moves it back to its original top-level location (`_docker_inspect`)
so that it can be called by `_docker_{container,image}_inspect` and others (will
be added in follow-up PRs).
Parameterization was added in order to get caller-specific behavior.
Signed-off-by: Harald Albers <github@albersweb.de>
Upstream-commit: 9eb1f554028aab84beaed0d5ff6ecbcbd3848594
Component: engine
